unit 9.1: republic act 10173 article I-VII
0.0(0)
Studied by 7 people
Learn
Practice Test
Spaced Repetition
Match
FlashcardsCard Sorting
1/51
Earn XP
Description and Tags
Study Analytics
Name | Mastery | Learn | Test | Matching | Spaced |
|---|
No study sessions yet.
52 Terms
1
New cards
Data Privacy Act of 2012
RA 10173
2
New cards
* Protect the **fundamental human right of privacy**, of communication while ensuring __free flow of information__
* Vital role of information and communications **technology in nation-building**
* To ensure that **personal information are secured and protected.**
* Vital role of information and communications **technology in nation-building**
* To ensure that **personal information are secured and protected.**
**Section 2.** *Declaration of Policy*
3
New cards
National Privacy Commission
**Section 3.** *Definition of Terms*
Commission
Commission
4
New cards
Data subject
**Section 3.** *Definition of Terms*
individual whose personal information is being processed
individual whose personal information is being processed
5
New cards
Personal information
**Section 3.** *Definition of Terms*
any info whether recorded in material form or not, from which the identity of an individual is apparent
any info whether recorded in material form or not, from which the identity of an individual is apparent
6
New cards
Personal information controller
**Section 3.** *Definition of Terms*
person or organization who controls the collection, holding, processing or use of personal information
person or organization who controls the collection, holding, processing or use of personal information
7
New cards
Processing
**Section 3.** *Definition of Terms*
any operation or any set of operations performed upon personal information
any operation or any set of operations performed upon personal information
8
New cards
government institution
**Section 4.** *Scope -* __*Does not apply*__
* any individual who is or was an officer or employee
* performing service under contract
* any individual who is or was an officer or employee
* performing service under contract
9
New cards
discretionary benefit
**Section 4.** *Scope -* __*Does not apply*__
* a financial nature
* a financial nature
10
New cards
public authority
**Section 4.** *Scope -* __*Does not apply*__
* Information necessary in order to carry out the functions of ___
* Information necessary in order to carry out the functions of ___
11
New cards
financial institutions
**Section 4.** *Scope -* __*Does not apply*__
* Information necessary for banks and other ___
* Information necessary for banks and other ___
12
New cards
residents of foreign jurisdictions
**Section 4.** *Scope -* __*Does not apply*__
* Personal information originally collected from ___
* Personal information originally collected from ___
13
New cards
Republic Act No. 53
**Section 5.** *Protection Afforded to Journalists & Sources*
**publishers, editors or duly accredited reporters** of any newspaper, magazine or periodical of general circulation **protection from being compelled to reveal the source of any news report** or information appearing in said publication
**publishers, editors or duly accredited reporters** of any newspaper, magazine or periodical of general circulation **protection from being compelled to reveal the source of any news report** or information appearing in said publication
14
New cards
Extraterritorial Application
**Section 6.**
Personal information about a **Philippine citizen** or a resident
Personal information about a **Philippine citizen** or a resident
15
New cards
Compliance
**Section 7.** *Functions of the National Privacy Commission*
1. ___ of personal information controllers
1. ___ of personal information controllers
16
New cards
Complaints
**Section 7.** *Functions of the National Privacy Commission*
2. Receive ___, institute investigations, facilitate or enable settlement, prepare reports on disposition, and resolution of any investigation it initiates, and, in cases it deems appropriate, publicize any such report
2. Receive ___, institute investigations, facilitate or enable settlement, prepare reports on disposition, and resolution of any investigation it initiates, and, in cases it deems appropriate, publicize any such report
17
New cards
modification of privacy codes
**Section 7.** *Functions of the National Privacy Commission*
3. Review, approve, reject or require ___ voluntarily adhered to by personal information controllers
3. Review, approve, reject or require ___ voluntarily adhered to by personal information controllers
18
New cards
Provide **assistance**
**Section 7.** *Functions of the National Privacy Commission*
4. ___ on matters relating to privacy or data protection
4. ___ on matters relating to privacy or data protection
19
New cards
implication on data privacy
**Section 7.** *Functions of the National Privacy Commission*
5. Comment on the ___ of proposed national or local statutes, regulations or procedures, issue advisory opinions and interpret the provisions
5. Comment on the ___ of proposed national or local statutes, regulations or procedures, issue advisory opinions and interpret the provisions
20
New cards
Propose **legislation, amendments or modifications**
**Section 7.** *Functions of the National Privacy Commission*
6. ___ to Philippine laws
6. ___ to Philippine laws
21
New cards
**data privacy regulators** in other countries
**Section 7.** *Functions of the National Privacy Commission*
7. Ensure proper and effective coordination with ___ and private accountability agents, participate in international and regional initiatives for data privacy protection
7. Ensure proper and effective coordination with ___ and private accountability agents, participate in international and regional initiatives for data privacy protection
22
New cards
**cross-border application** and implementation of respective privacy laws
**Section 7.** *Functions of the National Privacy Commission*
8. Negotiate and contract with other data privacy authorities of other countries for ___
8. Negotiate and contract with other data privacy authorities of other countries for ___
23
New cards
foreign privacy
**Section 7.** *Functions of the National Privacy Commission*
9. Assist Philippine companies doing business abroad to respond to ___ or data protection laws and regulations
9. Assist Philippine companies doing business abroad to respond to ___ or data protection laws and regulations
24
New cards
cross-border enforcement
**Section 7.** *Functions of the National Privacy Commission*
10. Generally perform such acts as may be necessary to facilitate ___ of data privacy protection
10. Generally perform such acts as may be necessary to facilitate ___ of data privacy protection
25
New cards
Confidentiality
**Section 8.**
26
New cards
**Privacy Commissioner**: Raymund Enriquez Liboro
**Section 9.** *Organizational Structure of the Commission*
* must be at least **thirty-five years of age**
* good moral character, unquestionable integrity and known probity, and a recognized expert in the field of information technology and data privacy
* must be at least **thirty-five years of age**
* good moral character, unquestionable integrity and known probity, and a recognized expert in the field of information technology and data privacy
27
New cards
**Deputy Privacy Commissioner**: Leandro Angelo Aguirre & John Henry Naga
**Section 9.** *Organizational Structure of the Commission*
* **recognized experts** in the field of information and communications technology and data privacy
* **recognized experts** in the field of information and communications technology and data privacy
28
New cards
3 years, additional 3 years reappointment (3-6 years)
**Section 9.** *Organizational Structure of the Commission*
Term
Term
29
New cards
5 years:
* Social Security System (SSS)
* Government Service Insurance System (GSIS)
* Land Transpo Office (LTO)
* Bureau of Internal Revenue (BIR)
* PhilHealth
* COMELEC
* Dep of Foreign Affairs (DFA)
* Dep of Justice (DOJ)
* PH Postal Corp. (Philpost)
* Social Security System (SSS)
* Government Service Insurance System (GSIS)
* Land Transpo Office (LTO)
* Bureau of Internal Revenue (BIR)
* PhilHealth
* COMELEC
* Dep of Foreign Affairs (DFA)
* Dep of Justice (DOJ)
* PH Postal Corp. (Philpost)
**Section 10.** *Secretariat*
must have served ___ in any of the ff government agencies
must have served ___ in any of the ff government agencies
30
New cards
General Data Privacy Principles
**Section 11.**
31
New cards
Criteria for Lawful Processing of Personal Info
**Section 12.**
32
New cards
Sensitive Personal Info & Privileged Info
**Section 13.**
33
New cards
Subcontract of Personal Info
**Section 14.**
34
New cards
Extension of Privileged Communication
**Section 15.**
35
New cards
Rights of Data Subject
**Section 16.**
36
New cards
Transmissibility of Rights of Data Subject
**Section 17.**
Lawful heirs
Lawful heirs
37
New cards
Right to Data Portability
**Section 18.**
**Electronic means** and in a structured and commonly used format
**Electronic means** and in a structured and commonly used format
38
New cards
Scientific and statistical research
**Section 19.** *Non-Applicability*
39
New cards
protection of personal information
**Section 20.** *Security of Personal Info*
* controller must implement reasonable and appropriate organizational, physical and technical **measures** intended for the ___
* controller must implement reasonable and appropriate organizational, physical and technical **measures** intended for the ___
40
New cards
natural dangers
**Section 20.** *Security of Personal Info*
* controller shall implement reasonable and appropriate measures to protect personal information against ___
* controller shall implement reasonable and appropriate measures to protect personal information against ___
41
New cards
**nature** of the personal information
**Section 20.** *Security of Personal Info*
* determination of appropriate level of **security measures** take into account ___
* determination of appropriate level of **security measures** take into account ___
42
New cards
third parties
**Section 20.** *Security of Personal Info*
* controller must further ensure that ___ processing personal information on its behalf shall **implement the security measures**
* controller must further ensure that ___ processing personal information on its behalf shall **implement the security measures**
43
New cards
strict confidentiality
**Section 20.** *Security of Personal Info*
* employees, agents or representatives of a personal information controller who are **involved in the processing of personal information** shall operate and hold personal information under ___
* employees, agents or representatives of a personal information controller who are **involved in the processing of personal information** shall operate and hold personal information under ___
44
New cards
identity fraud
**Section 20.** *Security of Personal Info*
* controller shall promptly notify the Commission and affected data subjects when sensitive personal information may be used to enable ___
* controller shall promptly notify the Commission and affected data subjects when sensitive personal information may be used to enable ___
45
New cards
Principle of Accountability
**Section 21.**
46
New cards
Responsibility of Heads of Agencies
**Section 22.**
47
New cards
On-site and Online Access
**Section 23.** *Requirements Relating to Access by Agency Personnel to Sensitive Personal Info*
* unless the employee has received a **security clearance** from the head of the source agency
* unless the employee has received a **security clearance** from the head of the source agency
48
New cards
Off-site Access
**Section 23.** *Requirements Relating to Access by Agency Personnel to Sensitive Personal Info*
* unless the **head** of the agency has __ensured the implementation of privacy, policies, and appropriate security measures__
* unless the **head** of the agency has __ensured the implementation of privacy, policies, and appropriate security measures__
49
New cards
2 business days
**Section 23.** *Requirements Relating to Access by Agency Personnel to Sensitive Personal Info -* __*Off-site Access*__
* In the case of any **request** submitted to the head of an agency, the head of the agency shall **approve or disapprove** the request within ___
* In the case of any **request** submitted to the head of an agency, the head of the agency shall **approve or disapprove** the request within ___
50
New cards
not more than **1000 records**
**Section 23.** *Requirements Relating to Access by Agency Personnel to Sensitive Personal Info -* __*Off-site Access*__
* If a request is **approved**
* If a request is **approved**
51
New cards
Encryption
**Section 23.** *Requirements Relating to Access by Agency Personnel to Sensitive Personal Info -* __*Off-site Access*__
* for purposes of off-site access shall be secured by the use of ___
* for purposes of off-site access shall be secured by the use of ___
52
New cards
Applicability to Government Contractors
**Section 24.**
* In entering into any contract that may involve accessing or requiring sensitive personal information **from one thousand (1,000) or more individuals**, an agency shall require a contractor and its employees to register their personal information processing system
* In entering into any contract that may involve accessing or requiring sensitive personal information **from one thousand (1,000) or more individuals**, an agency shall require a contractor and its employees to register their personal information processing system